17 Bad Mobile Apps Still Up, 700,000+ Downloads So Far

We’ve reported previously that malicious apps were discovered in the official Android app store, which is now known as Google Play. While those reported apps were removed, more malicious apps have been seen in the official marketplace and appear to be still victimizing users. This is just one of the important reasons why we feel that a technology like our Trend Micro Mobile App Reputation is crucial in users’ overall mobile experience and security.

In total, we have discovered 17 malicious mobile apps still freely downloadable from Google Play: 10 apps using AirPush to potentially deliver annoying and obtrusive ads to users and 6 apps that contain Plankton malware code.

| Application Name | Package Name | App Developer | Brief Behavior Description |
| --- | --- | --- | --- |
| Spy Phone PRO+ | com.spinXbackup.backupApp | Krishan | Sends out GPS location, SMS and call log |
| 微笑的小工具 | com.antonio.smiley.free | Antonio Tonev | Connects to C&C server and waits for the command |
| 應用程序貨架 | com.antonio.wardrobe.apps.lite | Antonio Tonev | Connects to C&C server and waits for the command |
| 小兔子射氣球 | com.christmasgame.balloon | Ogre Games | Connects to C&C server and waits for the command |
| 阿維亞拼圖 | com.macte.JigsawPuzzle.Aviation | Macte! Labs | Connects to C&C server and waits for the command |
| 山拼圖 | com.macte.JigsawPuzzle.Hills | Macte! Labs | Connects to C&C server and waits for the command |
| 食品謎 | com.macte.JigsawPuzzle.Food | Macte! Labs | Connects to C&C server and waits for the command |
| NBA SQUADRE PUZZLE GAME | com.bestpuzzlesgames.NBA1 | Crisver | Pushes applications and advertisements to user |
| NFL Puzzle Game | com.bestpuzzlesgames.nfl | Crisver | Pushes applications and advertisements to user |
| 本機拼圖 | com.macte.JigsawPuzzle.Indians | Macte! Labs | Pushes applications and advertisements to user |
| 拼圖：紐約 | com.macte.JigsawPuzzle.NewYorkCity | Macte! Labs | Pushes applications and advertisements to user |
| Cricket World Cup and Teams | com.bestpuzzlesgames.cricket | Crisver | Pushes applications and advertisements to user |
| 怪物3D | com.killu.m3d | Killugames | Pushes applications and advertisements to user |
| 最佳設計的鞋子 | com.killu.bds | Killugames | Pushes applications and advertisements to user |
| 爆轉陀螺益智 | com.manic.bb | Manic Puzzles | Pushes applications and advertisements to user |
| 芭比好萊塢之謎 | com.espu.bho | Puzzles | Pushes applications and advertisements to user |
| 芭比娃娃夢幻之謎 | com.espu.bafa | Puzzles | Pushes applications and advertisements to user |

Among them, one app which explicitly describes itself as a spying app has also been flagged as a threat by Trend Micro due to its potential for misuse. This particular threat is known as ANDROIDOS_PDASPY.A. Its Google Play page makes it clear what its purpose is:

The attacker must initially install and set up this particular app onto the target phone, as can be seen in the following screenshots:

Its capabilities include tracking a phone’s location, phone calls, and messages. Once the attacker presses the “Save & Start” button, the attacker can then track the device via the website given:

Most of these apps have been downloaded several thousand times. The above PDASpy app appears to have been downloaded more than 100,000 times. Collectively, the detected apps have been downloaded more than 700,000 times. Users not running any mobile security app may be victimized by annoying ads (AirPush) or the apps’ (Plankton) malicious connections to remote C&Cs.

We discovered these apps as part of our Mobile App Reputation efforts. We continuously monitor both official and third-party app stores for both newly uploaded and popular apps and check for the behavior of these apps. We look not just for malicious behavior, but also bandwidth-consuming and battery-consuming routines.